“http_content_type”: The type of data returned (ex: application/x-gzip)

“cookie”

In addition to these fields, if extended logging is enabled in the suricata.yaml file, the following fields can also be included:

“length”: The content size of the HTTP body

“status”: HTTP status code

“protocol”: Protocol / Version of HTTP (ex: HTTP/1.1)

“http_method”: The HTTP method (ex: GET, POST, HEAD)

“http_refer”: The referer for this action
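The following added example, which is not part of the Suricata documentation, reads EVE JSON lines and reports which of the extended fields above are missing from each HTTP event, so that a detection keyed on `status` or `http_method` does not silently match nothing. It assumes the usual EVE layout (`event_type` set to `http`, with the fields under an `http` object); the sample lines are constructed.

```python
import json

# Field names as listed on this page.
BASIC_FIELDS = ("http_content_type", "cookie")
EXTENDED_FIELDS = ("length", "status", "protocol", "http_method", "http_refer")

# Constructed sample EVE lines (not captured traffic).
SAMPLE_EVE = """\
{"event_type": "http", "src_ip": "192.0.2.10", "http": {"http_content_type": "application/x-gzip", "length": 1024, "status": 200, "protocol": "HTTP/1.1", "http_method": "GET", "http_refer": "http://example.test/"}}
{"event_type": "http", "src_ip": "192.0.2.11", "http": {"http_content_type": "text/html"}}
{"event_type": "dns", "src_ip": "192.0.2.12"}
not json at all
"""


def parse_http_events(text):
    """Yield (record, missing_extended) for each EVE line with event_type 'http'."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt line: skip rather than abort
        if not isinstance(event, dict) or event.get("event_type") != "http":
            continue
        http = event.get("http")
        if not isinstance(http, dict):
            http = {}
        record = {name: http.get(name) for name in BASIC_FIELDS + EXTENDED_FIELDS}
        record["src_ip"] = event.get("src_ip")
        # A missing extended field means either extended logging is off or the
        # transaction itself lacked that value (for example, no referer sent).
        missing = [name for name in EXTENDED_FIELDS if name not in http]
        yield record, missing


def extended_coverage(text):
    """Count HTTP events carrying every extended field vs. those lacking some."""
    counts = {"full": 0, "partial": 0}
    for _, missing in parse_http_events(text):
        counts["partial" if missing else "full"] += 1
    return counts


if __name__ == "__main__":
    print(extended_coverage(SAMPLE_EVE))
```

A high share of "partial" events across a whole log usually points at the suricata.yaml setting rather than at the traffic.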

In addition to the extended logging fields, one can also choose to enable any of 47 additional custom HTTP logging fields in the suricata.yaml file. The additional fields can be enabled as follows: